System and method for providing customers with seamless entry to a remote server

ABSTRACT

The present invention provides a seamless entry system that comprises a universal session manager. Users connect to the host service provider with a unique username and password. Then, through a series of data exchanges between the universal session manager, a validation database, and the remote service module, the customer may be transparently logged into remote service providers. Internet banking customers utilize a browser system to connect to a host server providing a range of banking services supported by a remote or distinct server. According to the method, the customer first enters a username and password to gain access to the host service provider. The universal session manager transmits data required for login to the remote service provider. The user is thus able to utilize the remote services with his/her web browser system without having entered a username or password particular to the remote service.

This application is a continuation of application Ser. No. 13/524,651filed on Jun. 15, 2012, entitled “System and Method for ProvidingCustomers with Seamless Entry to a Remote Server”, which is acontinuation of application Ser. No. 09/994,725 filed on Nov. 28, 2001,entitled “System and Method for Providing Customers with Seamless Entryto a Remote Server”, which is a continuation in part of application Ser.No. 09/591,687 filed on Jun. 12, 2000, entitled “System and Method forProviding Customers with Seamless Entry to a Remote Server”, and all ofwhich are incorporated herein by reference in their entirety for allpurposes, and all to which priority is claimed.

FIELD OF THE INVENTION

The present invention relates to a method that provides customers of ahost service provider or host server with a seamless experience,allowing them to access remote network services, which typically requiretheir own username, password, and session management application, via asingle login to the host service provider.

BACKGROUND OF THE INVENTION

A network service provider may want to provide its customers with accessto services that are not provided directly by its server. Therefore, theservice provider may have to redirect its customers to another remoteserver capable of providing the service.

For example, an Internet banking site may wish to provide its customerswith a full range of banking services, e.g., opening and maintaining achecking account, applying for a credit card or loan, paying bills, oraccessing brokerage or financial planning services. Each of theseInternet banking services may be provided by an independent server thatrequires the user to enter a unique username (or ID) and password.Therefore, when a customer wishes to utilize a banking service that isprovided by a remote server, after the Internet banking host serverredirects the customer to the remote service provider, the customer mustenter a new username and password specific to that service. Given thebroad range of services that an Internet bank may wish to provide, thisplaces the burden of renumbering and entering multiple usernames andpasswords on the customer. This is a significant drawback to thecustomer. This is also a significant drawback to the Internet bankbecause customer dissatisfaction may result in lost accounts.

Furthermore, if the customer returns to the host provider afteraccessing a remote service provider, and then desires to return to theremote service provider, the customer must re-enter the same usernameand password for that service. For example, in the Internet bankingcontext, if a customer decides to access his or her checking account,then utilize brokerage services, and then desires to return to his orher checking account, the customer must enter his or her unique usernameand password for the checking account service twice. This is asignificant drawback.

In addition, a host service provider may wish to change the remoteservice providers that customers can access through its server. In theInternet banking context, for example, a host Internet bank may utilizea particular remote service to provide its customers with checkingaccount services. For different reasons, the host Internet bank maylater wish to change the remote checking account service provider. Thiswould require the Internet banking customer to create and remember a newusername and password for the new remote service. Again, the burden ofremembering an even greater number of user names and passwords falls onthe customer and the risk of losing those customers is borne by the hostInternet bank. This is another significant drawback.

Other drawbacks to conventional approaches exist.

SUMMARY OF THE INVENTION

The present invention overcoming these and other drawbacks of existingsystems relates to a system and method for providing customers withseamless entry to a remote server, in which a mediation enginecoordinates access to multiple network sites without a need forcontinuous reentry of user ID or other information.

One feature of the present invention is to provide a specific time limitwhich a user can spend logged into the system.

Another feature of the present invention is to monitor the state of auser to determine whether the user is logged in or not.

Another feature of the present invention is to provide customers of ahost service provider with a seamless experience enabling them to gainaccess to one or more remote services by entering a single username andpassword required by the host service provider.

Another feature of the invention is to enable customers of a hostservice provider to regain access to a remote service provider, afterhaving exited that remote server, without having to re-enter theusername and password required by that remote service provider.

Another feature of the invention is to enable a host service provider toreplace or add remote services that a customer can access through thehost service provider without placing the additional burden on customersto enter a new username and password.

Another feature of the present invention is to provide an on-linebanking service having a consolidated financial homepage that givescustomers a read-only summary of information on all accounts theycurrently have with the banking service as well as value-add featureslike stock portfolio, personal reminders and targeted news feeds.

Another feature of the present invention may include the capability topersonalize the web site based on customer information and preferences.

Yet another feature of the present invention may include the ability forcustomers to bookmark pages inside of the on-line bank, and access thosepages directly without accessing a homepage.

These and other features of the invention will become apparent topersons skilled in this art from the following description.

One aspect of the present invention provides a seamless entry bankingsystem for offering a plurality of financial products and services tocustomers via a single login. The banking system comprises a hostserver, at least one remote server, a universal session manager, and avalidation module operatively linked through as electronic network. Theuniversal session manager and validation module enable customers of thebanking system to access the host server and a remote server via asingle login either to the host server or a remote server. For examplecustomers (or users) may connect to a host service provider module usinga unique username and password. Then, through a series of dataexchanges, or handshakes, between the universal session manager, thevalidation module database, and a remote server, the customer may betransparently logged into the remote server or service provider. Theuniversal session manager and/or the validation database may be a partof the host server service module or alternatively may be operatedindependently of the host server.

Customers may utilize a browser system to connect to the banking system.The banking system may provide a range of banking services includingon-line bill paying, instant credit card applications, loanapplications, online automated clearinghouse (ACH), or checking accountservices. Each service may be supported by the host server or a remoteor distinct server that is operatively linked to the host server.

Another aspect of the present invention relates to a method foraccessing a plurality of financial services and products that areoffered by a banking system comprising a host server and a plurality ofremote servers operatively linked across an electronic network. Themethod includes receiving login information for accessing the hostserver from a customer of the banking system and retrieving data foraccessing at least one remote server based at least in part on thereceived login information. The method further includes transmitting theretrieved data to the at least one remote server thus allowing thecustomer to transparently gain access to the remote server.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 depicts & schematic diagram of a system, according to anembodiment of the present invention.

FIGS. 2A and 2B depict a flow diagram illustrating a method, accordingto an embodiment of the present invention.

FIGS. 3A and 3B depict an exemplary graphical user interface, accordingto an embodiment of the present invention.

FIG. 4 shows one embodiment of a web site, according to an embodiment ofthe present invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

For purposes of illustration, a system and method according to apreferred embodiment of the present invention are described herein. Thesystem is described as being part of an Internet based system thatenables customers of an Internet banking system to access remoteInternet banking services, which may require a unique username andpassword, having only entered a single username and password required bythe host Internet banking system. Furthermore, the invention isdescribed in terms of an Internet based bank providing a multitude offinancial services, some of which are provided by remote providers.However, it should be appreciated that this embodiment is exemplary onlyand that the invention finds application in any scenario involving ahost site that includes links to distinct remote sites with their ownseparate login procedures. It should also be appreciated that thepresent invention could be implemented through a variety of networkssuch as a telephone network, a satellite connection network, or othernetwork.

Also, for illustration purposes only, the invention is described interms of the existing Internet. The skilled artisan will recognize thatthe invention could be implemented in variations thereto, such as theso-called Internet Protocol Next Generation (IPng) or any othervariations of networked packet-switched technology.

According to one illustrative embodiment of the method of the presentinvention, a customer may first enter a username and password to gainaccess to the host server of an Internet bank. During the connection tothe host server, a validation module validates the customer's usernameand password. If the combination is valid, the validation moduletransmits data to a universal session manager indicating which servicesthe customer is enrolled in and the unique username and password thathave been generated for each remote service in which the customer isenrolled. The customer is then free to select one of these remoteservices provided by a remote server through a link provided by the hostservice provider. For example, if a customer chooses to complete a loanapplication and this service is provided by a remote server requiringits own user ID and password, the universal session manager may thenpass the required user ID and password to the remote server's loginmodule.

The remote server may receive the data required for login, from theuniversal session manager and transmit to the universal session managerthe status of the login attempt. If the login is successful, thecustomer may utilize the remote service with his/her web browser systemwithout having to enter a username or password particular to the remoteservice.

In another illustrative embodiment, the present invention may providecustomers of a banking system with access to remote service providerswhich require their own unique user IDs and passwords and have otherspecial access requirements. For example, a customer may utilize abrowser system to connect to a network bank providing a range of bankingservices with special access requirements. These secure services mayinclude brokerage services. If after entering a valid username andpassword to the host service provider the customer chooses to utilize aremote brokerage service provider with special access requirements, atrusted server may act as an intermediary between the universal sessionmanager of the host server and the remote brokerage system, for example.The trusted server may answer the login request of the banking site'suniversal session manager with a session ID extracted from a cookieplaced on the user's browser by the trusted server. When the universalsession manager receives the session ID, the customer may be redirectedto the remote brokerage site.

Referring to FIG. 1, an exemplary embodiment of the present inventionsystem is illustrative. A plurality of users or customers 20 may beconnected using a network 10 to a host service module or provider 50.For example the host service provider 50 may be an Internet bankingservice site. Network 10 also may comprise a cable network, a LAN, aWAN, an intranet, an extranet, the Supernet, or any other electronicnetwork that allows transmission of information.

Host service provider 50 may include a plurality of modules thatfunction to perform the functions described above in addition to otherfunctions set forth below. Although separate modules are described forperforming these functions, it should be understood that additionalmodules may also be provided and that modules may be combined.

According to an embodiment of the invention, host service provider 50may comprise a universal session module or manager 52 and a validationdatabase 60. The universal session manager 52 may communicate with oneor more databases 60 in communication with the host service provider 50.The database(s) 60 may store information required for login to remotesites or registration for the services those sites provide. Remoteservice provider 30 may comprise a registration module 32 and a loginmodule 34. Registration module 32 may receive data from the universalsession manager 52 necessary for customer 20 registration with theremote service provider 30. Login module 34 may communicate with theuniversal session manager to receive the information required for accessto the remote service provider, e.g., username and password. Loginmodule 34 may also reply to the universal session manager 52 indicatingthe status of the login request.

The system may also include a trusted service module 70 and a trustedservice provider 80. The trusted service module 70 acts as anintermediary between the universal session manager 52 and the trustedservice provider 80. The trusted service provider 80 may be a remoteservice with special access requirements in addition to a uniqueusername and password.

Referring now to FIGS. 2A and 2B, a method for providing customers withseamless entry to a remote server is illustrative. According to themethod, a customer 20 employing a browser 22 may contact a host serversuch as an Internet banking service provider 50, according to block 125.A customer then transmits a personal username and password to auniversal session manager 52 of the host service provider 50, accordingto block 150. The host service provider 50 may comprise a server systemconnected over a wide area network such as the World Wide Web orInternet 10 to provide web-pages upon request from one or more usersutilizing a web browser 22. For example, a customer may use a browser 22to connect over the Internet 10 to a web-site that provides Internetbanking services. Existing browser/server technology may be used totransmit the username and password to the host service provider 50.

In response to the customer's transmitting a username and password tothe universal session manager 52, the universal session manager 52 ofthe host service provider 50 may transmit the username and an encryptedversion of the password to the validation database 60, according toblock 200. The validation database 60 checks the username and passwordto make sure that the user has entered a valid username/passwordcombination. If the username is not recognized by the validationdatabase 60, according to block 325, or if the username and password donot match, according to block 350, the user will be asked to re-enterhis or her username and password, according to block 150. The customer20 of the Internet banking system 50 of FIG. 1 may be allowed, forexample, three or another number of attempts to enter a correct usernameID/password combination. Once the customer 20 has entered a valid login,according to block 300, the database 60 will return to the universalsession manager 52 the information necessary for the transparent loginto the remote service 30, according to block 400. As described, theinformation may comprise the type of the Internet banking services inwhich the customer 20 is enrolled and/or the username particular to thatuser and required by a remote banking service web site. The informationmay also in one embodiment include identifying information necessary forsecured e-mail. The information also may include data necessary forprofiling a dynamic application form related to user-selected productsand services. The customer may select a link to one of the remoteservices 30 provided through the host service provider 50, according toblock 450. For an internet based banking system, these services mayinclude, for example, checking account maintenance, credit card and loanapplications services, electronic bill paying, and brokerage services.These services also may include Internet search engines, other web sitesthat offer membership services, e-mail services, or campaignadvertising.

The universal session manager 52 may then check the validation database60 return data to see if the customer has enrolled in the service,according to block 500. If the customer is enrolled in the selectedservice, the present embodiment initiates a triple handshake protocol,according to block 600. In the first step 625 of the triple handshakeprotocol 600, the universal session manager 52 may send the requiredcustomer username and password to the login module 34 of the remoteservice provider. This may comprise the universal session manager 52 ofan Internet banking service provider 50 sending redirects to remoteservice web sites 30, which may include services such as on-linechecking, on-line brokerage, on-line credit card application or onlinebill paying sites.

In the second step 650 of the triple handshake protocol 600, the loginmodule 34 of the remote service module 30 sends the universal sessionmanager 52 a reply indicating the status of the login request. Thestatus may indicate that the login attempt to the remote serviceprovider 30 was successful according to block 725, or that the loginattempt failed according to block 675, or that the login status isunknown, i.e., customer has never registered for the service before,according to block 700. For example the login module 34 may sendredirects over the Internet 10 to the universal session manager 52 ofthe host Internet banking provider's web site 50.

In the final step 750 of the triple handshake protocol 600, theuniversal session manager 52 may direct the customer to a remote serviceprovider 30. For example, the universal session manager 52 of anInternet banking web site 50 may redirect a customer to the web site ofthe Selected remote service provider 30.

If the universal session manager 52 determines that the customer is notregistered for the selected service the universal session manager 52will transparently register the customer for that service, according tothe no branch of block 500. transparent registration may involve thatthe universal session manager 52 contact the validation database 60 toretrieve the information necessary for registration, according to block525. This may include providing a unique username and passworddesignated for use only with the selected service. Then the universalsession manager 52 sends data to the registration module 32 of theremote service provider's web site, according to block 550. The remoteservice 30 then confirms the customer's registration, according to block575 and the universal session manager 52 initiates the triple handshakeprotocol 600. In the present embodiment, transparent registration may beaccomplished by a series of redirects between the universal sessionmanager 52, the validation database 60, and the registration module 32of the remote service provider 30.

The customer also may choose an Internet banking service, e.g., abrokerage service, that has special access requirements in addition to aunique username and password. If the customer is enrolled in theselected service, the system may initiate a trusted server dedicatedline redirection.

For example, the trusted service module 70 can make a direct call to thetrusted service provider 80, according to block 800. This may comprise atrusted brokerage server 70 established by an Internet banking service50 providing a secure brokerage service 80 which the login redirectsover a dedicated line. The trusted service provider 80 may respond tothe trusted service module 70 in the form of an html response with asession ID associated with it, according to block 825. For example, thismay involve a brokerage system 80 responding to a trusted brokerageserver 70 in html form over a dedicated line. The trusted service module70 may send this “cookie” to the user's network data acquisition module22, after reading the session “cookie” and extracting session ID. Forexample, this may include a trusted brokerage server 70 placing this“cookie” on the customer's Internet browser 22.

The trusted service module 70 next answers the universal session manager52 with the status of the login attempt and the sessionID extracted fromthe cookie. Once the universal session manager 52 receives this data, ifthe login attempt was successful, the customer will be directed to thetrusted service provider 80, as in step 750. This may comprise, theuniversal session manager 52 of an Internet banking service provider 30receiving data from a trusted brokerage server 70 and then redirectingthe Internet banking customer 20 to a brokerage service provider 80.

During a session, if a customer 20 remains logged in, but no activityoccurs, the universal session manager 52 performs a data securityfunction by causing customer 20 to automatically logout. In a preferredembodiment, this timeout occurs after about thirty minutes ofinactivity.

FIGS. 3A and 3B illustrate an exemplary graphical user interface. FIG.3A illustrates a screen that may be provided when a user 20 initiallyattempts to access host server 50. The user 20 is prompted to enter auser name and password, or alternatively to create a new user name andpassword to be granted seamless access to pertinent applications.

If the user 20 elects to create a new user name and password, access isgranted upon the user's submission of data requested in FIG. 3B.

According to a preferred embodiment of the present invention an InternetBanking System is provided tor offering many financial products orservices to customers via a single sign-on process. The Internet BankingSystem comprises a host server that includes a Universal Session Manager(USM) for maintaining the customer single sign-on process. The USM isoperatively linked to a validation database or module comprising aplurality of user profile databases. The USM authenticates a customer'slogin information and subsequently transparently logs the user into thevarious other services a customer has signed up for. Optionally, the USMmay navigate a customer to various marketing, demonstration orapplication locations through the site of the Internet Banking hostserver. Preferably, authentication, customer-registration, customizationof branded graphics, and ad generation are accomplished via one or moredifferent modules operatively linked to the USM, however, it should beunderstood that these functions can also be accomplished via the USM.Separating these functions from the USM improves the overallfunctionality of the USM stream-lines the USM, and creates a series offinancial services that are readily accessible to a customer via theUSM.

The Internet banking system may offer many financial products andservices, some of which may be offered by remote service providers.Preferably the system may offer a consolidated homepage that provides anoverview of all the available services that can be accessed via a singlesign-on. The consolidated homepage may give a customer a read-onlysummary of information on all active accounts with the Internet bankingservice as well as value-add features like stock portfolio, personalreminders, and targeted news feeds. Also, preferably, the home page maybe customizable by the customer to show only those accounts, informationand views the customer wishes to have displayed upon successful login.For example, the homepage may include one or more of the followingfeatures:

-   -   Bank account summary data presented on a secure homepage with        applicable links;    -   Account summaries for all Internet banking products on a single        page;    -   Customized stock portfolio tracking through an investment        services module;    -   Financial news feed;    -   At your request offers;    -   Personalization of the consolidated page to allow customers to        choose what account summaries they want data displayed;    -   Targeted promotions and advertising based on profiles of the        customer;    -   Targeted financial news feed based on customer's preferences;    -   Reminder Service display of currently scheduled reminders; and    -   Automated clearinghouse (ACH), which is an electronic network        for permitting clearance of paper checks and transmitting        information regularly between a bank and the Federal Reserve,

To accommodate the requirements for the consolidated homepage, variousservices may be utilized, such as a dynamic page generator, a customerprofile, an ad generator, or any other useful services.

The system may also allow card-members to see their credit cardstatements on the web site, and to have access to a bill payfunctionality. Customers may also apply for credit cards or otherfinancial transaction cards on-line. Customers having active cardaccounts may view their card statement on the web site. For example acustomer may use a username and password for logging to the host serviceprovider web site and access their active credit card accounts.

Customers may also apply for other services offered by the host serviceprovider or other remote service provider. Therefore, using a singlelogin customers may access a variety of services that would otherwiserequire multiple logins. The system will maintain the login informationsuch as a username and password at one place and automatically updatethe login information whenever a customer changes this information forexample by changing his or her password.

Preferably, the system may include a USM for controlling access to allInternet services linked to the host server. The USM may employ one ormore conventional procedures for authenticating the identity of acustomer by employing one or more well known techniques, such asusername/password rules, encryption technology, enrollment processes,question/answer techniques, etc. The USM may include at least onestorage device or module or database for storing and maintaining primarylogin and authentication information. Primary key mapping may occurdepending upon the selected service, but does not necessarily existuniversally. Customers may be notified, for example, via banner ads,emails, etc. about the consolidated login feature. Also, the login datamay be duplicated in the profile database periodically to ensurecontinuity.

The primary function of the USM is to authenticate users, via a remoteprocedure call (RPC) to the validation module, and then transparentlylog them into the various services based on the remote services datasent back to the USM from the validation module via this RPC. Thelocation of the USM may vary. For example, the USM may be part of thehost server or it may be operated independently.

The on-line banking functions presented according to the invention mayhave a consistent look and feel to provide a consistent interface for amore customer friendly experience. For example, in one embodiment thetop navigation bar may be reduced to the following tabs, Accounts,Products & Services, and Planning. When selecting the Products &Services tab, the customer will be presented with a page listing thebanking products and services they are entitled to have, but don'tcurrently have. When a customer selects the Accounts tab, the customerwill be directed to a page listing customer accounts. The planning tabmay allow a user to plan a banking strategy.

The system may dynamically generate the site based on customer data,customer preferences, and where the customer is coming from, i.e., whatlink brought them to the On-line Internet Bank. The types of variableaspects of the site generation may include, what services to show, forexample, what pages to prepare, and which brand to show. For example, inorder to dynamically show the services, to do targeted marketing, and todo private labeling, etc. the system may include a dynamic siteassembler that can build the site/pages dynamically based on predefinedbusiness rules, and a customer data and preferences.

The invention may include the capability to personalize the web sitebased on customer information and preferences. This may includedynamically determining what offers to target to customers depending ontheir personal data, e.g., profile, preferences, customer activity, andcustomer account data. It may also include dynamically determining whatproducts to cross-sell to customers depending on their personal data.

Customers may also be given an option to bookmark pages inside of theon-line bank, instead of always taking them to the homepage. Forexample, this functionality may include displaying actual URL's in thebrowser's top URL display window and sending customers that haven'tlogged in to a different non-public homepage, instead of a publichomepage non-customers view.

The system may also provide a frequently asked questions page with linksto information sources. The system may also include a pricing serviceoffering different price points.

According to one embodiment, shown in FIG. 4, the Internet Bankingsystem may comprises a web site including at least three frames, aglobal outer frame 401, a top frame or Top Navigation Bar 403 whichcontains links to the various internal services as well as Login/Logoutbuttons and a bottom frame 405, where the remote (external) serviceswill be hosted. Inside the bottom frame, there can be up to two frames,one left-hand service specific navigation bar 405 a and a main frame 405b hosting the page. The USM will maintain the global outer frame and thetop navigation bar, transparently logging and directing the customers tothe selected service whether via tab selections or browserresize/refreshing. Also there may be left-hand navigation bars added(not shown).

The USM may typically update the last accessed times (LAT) and performsession timeouts based on this time variable. Activity in the topnavigation bar and/or direct links to the dispatch service updating theLAT variables, thus preventing the customer sessions from timing out andbeing automatically logged out. If a customer is active within thebottom frame for more than a predetermined amount of time, such as 30minutes (and does not activate the USM), their session may be closed andthey will be logged out.

Examples Example 1 Customer Login Specification

According to one embodiment of the present invention the host server mayretrieve customer information data from a file in the validation modulecontaining a plurality of customer login Information and data. This filewill contain authentication status and, if the status equals 0 forSUCCESS, it will contain the data necessary for the transparent loginsto the various remote services in name-value pair format.

For example, the specification may include:

Customer login RPC input parameters:

-   -   CIFAUTH.USERID1=userid    -   CIFAUTH.PASSWORD=encrypted password

The validation module RPC will begin authentication of the customer.Possible return statuses include:

-   -   STATUS=0 successful authentication (additional customer info        will also be provided)    -   STATUS=1 customer not found    -   STATUS=2 authentication failure    -   STATUS=3 authentication failure, exceeded max tries

Any status other than 0 (success) will return only the name STATUS andits value.

A success will return the following in a single, pipe-delimited,name-value pair string:

-   -   STATUS=0    -   CIF.ACN=customer number    -   CIFAUTH.USERID1=userid    -   CIFAUTH.PASSWORD=password    -   CIFAUTH.LSTLOGDT=successful login date    -   CIFAUTH.LSTLOGTM=last successful logon time    -   CIF.TAXID=taxid    -   CIF.FNAME=first name    -   CIF.LNAME=last name    -   CIF.EMAIL=email

repeated section for each service a customer has enrolled in:

-   -   CIFSERV.SRVCAT=service category        -   (BROKER, PAYMENTS, CREDIT, LOANS, DEPOSITS, ECOMMERCE)    -   CIFSERV.SERVICE=service name (for category PAYMENTS, TRAVELERS)    -   CIFSERV.STATUS=numeric status field, complies to following        business logic if more than one account. If at least one account        has a CIFACCT.STATUS of 1 or 7, then set CIFSERV.STATUS to 1,        else if at least one of the accounts has a CIFACCTS.STATUS of 3,        4, or 8, then set CIFSERV.STATUS to 2, else set CIFSERV.STATUS        to 0.        -   0—account open, but customer is not enrolled        -   1—active account        -   2—pended account    -   CIFSERV.PASSWORD=password associated with this service

Each data pair will be delimited with a symbol such as a “|”. Thisarchitecture supports an unlimited number of services a customer may belinked to. If a customer has multiple accounts with a given service, theCIFSERV.STATUS will indicate the customer's status with a service, not asingle accounts' status. Thus, if a customer has at least one accountwith an active status, the CIFSERV.STATUS will be set to 1, else if theyhave at least one account with a pending status, the CIFSERV.STATUS willbe set to 2, otherwise it will be set to 0. Essentially, the combinationof two fields, SRVCAT and SERVICE, will repeat N times, depending onwhat services the customer has accounts with. Data needed tor login forremote services can come from the non-recurring as well as the recurringsections. But it has to be data that is returned by the customer loginprocedure call.

Example 2 Selecting a Service Tab/Link (Navigation)

According to a preferred embodiment, when a customer selects one of theservice buttons or tabs on the top navigation bar (FIG. 4), the USM mayfirst check to see:

(a) if the customer has been authenticated to the host server.

(b) then it will check the validation module customer login RPC returndata to see if the customer has enrolled in this service and dependingon the CIFSERV.STATUS value the USM will provide different behaviors forthe customer as described below.

If (a) is false or if the CIFSERV.STATUS value is equal to 0 (notactive), the USM will direct the customer to the services'demo/marketing/apply pages. Otherwise if the CIFSERV.STATUS value isequal to 2 (pending), the USM will redirect the customer to a genericmessage screen with the message, “Your application is being processed.You will be notified when your account is activated.” Else if theCIFSERV.STATUS value is equal to 1 (active), the USM will cheek thecustomer's session activity table to see if they already dogged intothis service during their current Internet Banking session. If theyhave, they will be redirected to the remote services “main” page,otherwise they will be redirected to the remote Services “login”handshake.

In this embodiment there may be two mechanisms in place to handle thetriple handshake protocol. The first is a series of browser redirects,and the second uses a Trusted Server with a dedicated line connectingInternet Banking system to the remote service. Those services requiringa dedicated line will use the Trusted Server to handle the transparentlogin of a customer to that remote service. Using the Trusted Server,once the transparent connection is completed successfully, a cookie maybe placed on the person's browser identifying the customer to thatremote service and they are redirected to the “main” page over theInternet.

The login parameters at the various remote services may vary. Some mayrequire userid/password, some may require more parameters, lessparameters, or different parameters. The USM preferably may be designedto accommodate any variety of login parameter required, as long as theparameters are stored at the validation module and are returned to theUSM from the validation module during the customer login RPC. The USMhas the login properties identified in the usm.properties file. When newremote services are added or login requirements change, the new serviceneeds to be specified in this file and the list of login parametersspecified. This file may contain a listing of the validation modulevariable names and a mapping of the validation module names to thevariable names used by the USM.

Example 3 “Single” or First Leg of the “Triple” Handshake Specification

The USM may utilize dispatch and listen servlets to send redirects tothe remote services. Redirection may include a “single” a “triplehandshake” or a “tripleD” handshake. The “tripleD” is identical to the“triple” handshake, except that prior to sending the browser redirects,the data will be encrypted with a DES algorithm. For example, the firstleg of the “Triple handshake” may have the following format:

https://<service_url>.com/login?<login_param_name1>=<login_id>&<login_param_name2>=<login_pwd>&returnURL=www.Internetbank.com/listen?action=login&USMid=<USMsessionId>&service=<service_name>

An example of this is:

https://banking.Internetbank.com/Scripts/bankstart.exe?userid=12345678&password=abcd4567897qre&returnURL-www.Internetbank.com/listen?action=login&USMid=99999&service=BANKING

The USM may have a configuration file/table containing service names andname specification of login values.

Each name-value pair may be unique in order to differentiate them. Thedesignated names for the login values in the usm.properties file may be:

-   -   CIF.ACN=customer_userid    -   CIFAUTH.USERID1=userid    -   CIFAUTH.PASSWORD=password    -   CIF.TAXID=taxid    -   CIF.FNAME=fname    -   CIF.LNAME=lname    -   CIF.EMAIL=email    -   CIFSERV.SRVCAT=service    -   CIFSERV.PASSWORD=service_password

The “single” handshake is used for services that all customers haveaccess to, without login, enrollment, or registration requirements. Anexample of a “single” handshake site within the Internetbank is thepublic home page.

http(s)://<serviceURL>?<paramIname>=<paramIvalue>& . . .&<paramNname>=<paramNvalue>http://home.Internetbank.com/Internet/users/users_home.htm

Example 4 Return Status of “Login” Handshake (Second Leg of the “Tripe”Handshake)

Once the remote services receive the login redirect, they reply with aredirect to the host server, indicating the status of the login request.The possible return values are:

OK—login successful

FAILED—login did not match

UNKNOWN—username not enrolled

OTHER—service is having system problems

If the status is equal to FAILED, this indicates that the password datain the service provider's database has been changed (for a variety ofreasons). This event needs to be logged for security monitoringpurposes. Then the USM will perform the registration process.

If the status is equal to UNKNOWN, this indicates the customer has neverregistered a userid/password for this service. Then the USM will alsoperform the registration process.

If the status is OTHER, then for some reason either the login was notprocessed properly by the remote system, or there were some remotesystem problem/errors. The customer will be directed to try again at alater time. This event will be logged for monitoring.

If the status is OK, then the User Session Manager needs to save theservice's local customer's session ID. The USM handles the remote loginprocess for the various services in a transparent manner to thecustomer. The USM keeps track of the various services the customers haveentered during the session. It will store the remote local session IDSfor each of the services a customer has successfully logged into. Thus,if someone has successfully logged into a remote service during theircustomer session, the next time they select a link/tab to enter thisservice site, the USM knows they have been authenticated and will passthem directly to the “main” page of this site. This will limit theoverhead of the “triple handshake” to once per customer session. If aremote service does not create session, then they can use whatever valuethey want to uniquely identify the customer. Preferably, the identifiervalue may not contain ampersands “&” and may not expose customerconfidential data, such as social security number.

For example, the exception login may use the following format:

Hostname:xx, AppnName:xx, EventMsg:”EventClass: xxx, RemoteApp:xxx,UserID:xx, Source_ipaddr:xxx, SessionMgrID:xx, RemoteSessID:xx”,EventDescription:”error message”

For those services that do not include a registration process, examplesof values that may be returned, from the login handshake, are “OK” or“OTHER”.

Example 5 Second Leg of the “Triple” Handshake Specification

Services using the “triple handshake” may relay login status values backto the USM. For example, the first leg of the “triple handshake”, asdescribed above may include a return URL parameter. Also, the remoteservices may append a session ID and a status to the end of this stringand may have a complete signature for the second leg of the handshake.

For example, the resulting return redirect may look like:

https://www.Internetbank.com/listen?action=login&USMid=<USMsessionId>&service_name>&session=<localsession id>&status<OK, FAILED, UNKNOWN or OTHER>

The return redirect may also look like:

https://www.Internetbank.com/listen?action=login&Usmid=999999&service=BANKING&session=ababcdekduiekd&status=OK

Example 6 Customer Navigation to Remote Service (Final Leg of the“Triple” Handshake)

After the return status has been evaluated and is successful, the remotesession ID has been stored in the customers' USM session, the customermay be redirected either to the registration process, a system problemmessage, or the production site. The customer navigation is preferablyspecified by the third leg of the “Triple” handshake.

After a successful remote login, the USM may redirect the customer tothe service's main page. The Internet bank system may have control ofthe outer frame and the top navigational bar. The various services'pages may be hosted in the main bottom panel and may contain a left-handnavigation bar for local navigation. For example, a format for theredirect to the main page may be:

https://www.<service_name>.com/<name of mainpage>?<paramIname>=<paramIvalue& . . . &<paramName<=<paramNvalue>

Also, the last leg of the “triple handshake” may be:

https://banking.Internetbank.com/scripts/bankstart.exe?USMid=999999&session=ababcdekduiekd&service=BANKING

In the case of a FAILED or UNKNOWN status, the USM may call theregistration process to register (or re-register) the customer with theremote service. If the status is OTHER, then for some reason either thelogin was not processed properly by the remote system, or there weresome remote system problem/errors. The customer may then be directed totry again at a later time. This event may be logged for monitoring.

Example 7 Customer Service Registration

There are at least two kinds of data necessary for registering acustomer with a remote service. The first is the unique userid andremote service password, the second is the data stored in the validationdatabase necessary for registering a customer with a remote servicesdatabases.

The USM may use the CIF.ACN value as a unique userid. A remote passwordis generated using a series of algorithms specified by a data securityserver. Each remote service has a guarantee of not getting the sameremote password as the other services for this customer because eachservice is specified a unique key that is used in the remote passwordgeneration process. These remote userids and passwords are unknown tothe customers.

The exact data necessary to register a customer into the variousservices may vary depending upon the service. When a transparent servicelogin fails with an UNKNOWN or FAILED status, then the registrationprocess needs to contact the validation module Sanchez database toretrieve the information necessary for registration. This may be a twostep process. For example, first the USM may contact the validationmodule with the CIF.ACN and the service name. The return values fromthis call are a list of column names of the data that has been flaggedas necessary for registration. Then a second call may be made with theCIF.ACN value and the list of column names to retrieve the valuesnecessary for registration.

A successful registration status may enable the User Session Manager toupdate the validation module with the remote password information. Anunsuccessful registration status may cause the User Session Manager togive the customer a “try again” message. If a remote service does notrequire registration they may never return the UNKNOWN or FAILEDstatuses to the login call, but only the “OK” or “OTHER” statuses.

Example 8 Registration Handshake Specification

Registration redirects—If the login leg of the “triple handshake”returns a status value of FAILED or UNKNOWN, the USM may send aregistration redirect to that service transparently. This registrationcall may preferably be called only once per the life of the customer asa member of the Internet Bank, not once per session. For example, theregistration redirect may have the following format:

https://<service_name's

URL>/registration?customer_userid=<CIF.ACN>&service_password=<generatedremote_password>&. . .&<registration_nameN>=<nameN_value>&returnURL=www.Internetbank.com?listen?service=<service_name>&action=registration&USMid=<UserSession Manager session id>

The generated remote password value may be generated dynamically forthat customer and that service using a series of algorithms and uniqueseeds/key associated with each service. Therefore, all remote servicesmay depend on receiving a different customer userid and service passwordcombination for that customer than the other services.

Other parameter values may also be retrieved from the validationdatabase and dynamically added to the URL. Typically, the USM may haveno ability to control what parameter values are retrieved from thevalidation database. For example, the validation database may have acolumn that flags the values it stores as necessary for customerregistration. These may be the values that are retrieved from thevalidation module. The remote service may also send an acknowledgmentreply. As the example shows, the reply may be the return URL parametersent in the registration redirect with the addition of a local sessionID and a status value.

www.Internetbank.com/listen?service=<service_name>&action=registration&USMsid=<UserSession Manager session id>&status=<OK, FAILED, or OTHER>

If the reply contains the OK status value, then the remote password maybe stored at the validation module and the USM may automatically startthe “triple handshake” over again to transparently log the customer in.The event may be logged and the customer given a message indicating thatthere are problems accessing the remote site at this time. No data isupdated the validation module.

Example 9 Logout Servlet

When a customer logouts or times out from the Internetbank host server,the USM may send a logout redirect to those remote services the customerhas accessed during this session so that they may clean up theirsessions. However, the remote service may choose to ignore this message.The USM may not receive a return from this redirect message. Thus thismay be a message call without directing the customers browser to theremote services site. An exemplary format of the logout redirect may be:

https://www.<service_name>.com/logout?session=<remote_sid>

Example 10 Dispatch Servlet

For certain services, such as email, the various remote services maycontact the USM directly (not via tab or link selection by thecustomer), so that the customer may be redirected to that service. Anexemplary syntax for this servlet may be:

https://www.Internetbank.com/sessionManager/dispatch?service=<service_name>&<paramIname>=<paramIvalue>&. . . &<paramNname>=<paramNvalue>&fromService=<remote_service_name>

https://www.Interentbank.com/sessionManager/dispatch?service=email&acctNum=<customer'sacctnumber>&from Service=<remote_service_name>

The dispatch servlet may follow the following business logic todetermine customer navigation:

a) Check to ensure the user has authenticated with Internetbank hostserver. If not, the USM may direct the user to a marketing/demo site forthis service;

b) If the customer has been validated, and the customers session tableshows they have already been successfully logged into this remoteservice during the current session, the USM may direct them to theremote site's “main” page;

c) If the customer has been validated and has not been logged into thisremote service yet, and the CIFSERV.STATUS value for this service is 0or if the customer is not enrolled in this service, the USM may directthe user to the marketing/demo site;

d) If the customer has been validated and has not been logged into thisremote service yet, and is enrolled with a CIFSERV.STATUS value of 1 forthis service, the USM may do the login redirect; and

e) If the customer has been validated and has not been logged into thisremote service yet, and has a CIFSERV.STATUS value of 2, the USM maysend them to a Generic Message site with a message, such as “Yourapplication is being processed. You will be notified when your accountis activated.”

CheckLogin servlet—if a remote service detects that a user entered theirsite directly, or if their own remote session timed out while thecustomer was active elsewhere on the Internet bank host server, they maywant the transparent login to take place again to initiate a new localsession. In this case, they can call a checkLogin servlet. ThecheckLogin servlet may:

f) Check to ensure the user has authenticated with the host server. Ifnot, the USM may direct the user to the marketing/demo site for thisservice;

g) If the customer has been validated, and the CIFSERV.STATUS value forthis service is 0 or if the customer is not enrolled in this service,the USM may direct the user to the marketing/demo site;

h) If the customer has been validated and is enrolled with aCIFSERV.STATUS value of 1 for this service, the USM may do the loginredirect, even if they have already entered this site during theircurrent session;

i) If the customer has been validated and has an CIFSERV.STATUS value of2, the USM will send them to the Generic Message site with the message,“Your application is being processed. You will be notified when youraccount is activated.”

Example 11 Change Password Servlet

The USM may include password functionality. On a change password screen,a customer may be allowed to select a new password (not a new username).Typically, they may provide a username, an old password, and a newpassword. The username and old password may be verified at a validationmodule to be correct. If this verification succeeds, the USM may checkthat the new password passes a set of rules to ensure the password isstrong enough. If this succeeds, then the USM will update the primarypassword at validation module for this customer and return a successfulchanged password message. In case of any failures, the customers arenotified the password was not successfully changed.

Customers with disabled accounts from for example 3 or moreusername/passwords failures, may not change their password until apredetermined time such as a 24 hour period has elapsed and theiraccount is enabled.

Example 12 Vanity Servlet

The vanity servlet is a class used to execute vanity URLs. For instance,in the URL “www.Internetbank.com/login”, “www.Internetbank.”com” is thebase URL and “login” is the vanity URL. The vanity URL can be created byusing classes as explained below.

A “VanityReload” class is a startup class that can be initialized everytime weblogic is started. The VanityReload class is responsible forreloading a vanity.properties file. The vanity.properties file is thefile that is initially loaded during initial USM server startup. Thevanity.properties file may be modified by adding and deleting URLs. Itis stored in the server's memory and used by the vanity servlet for anyvanity request. In order to add a new URL to the vanity.properties file,the procedure may be performed as explained below.

To add a new vanity URL “abc”, i.e http://www.Internetbank.com/abc, anabc.uri property is required. For example,abc.uri=/sessionManager/dispatch?service=apply sendshttp://www.Internetbank.com/sessionManager/dispatch?service=apply to thevanity URL. Some of the optional properties that can be set usingabc.urlBase can include overriding the default urlbase e.g.abc.urlBase=http://promo.Internetbank.com/abc.uri=abc.html will send tohttp://promo.Internetbank.com/abc.html instead ofhttp://www.Internetbank.com/abc.html.

The ‘abc’.parameters can specify what parameters should be appended toabc.uri. If this (abc.params) property is set, corresponding individualparameter's properties should be set. For example, the followingproperties:

abc.uri=abc.html

abc.params=cell,promo,click_id,brand

abc.cell=6WGD, abc.promo=VWG9DWG51,

abc.click_id=%j

abc.brand=WING

would create and redirect to

http://www.Internetbank.com/abc.html?cell=6WGD&promo=VWG9DWG5&click_id=%j&brand=WING

An abc.expirydate property can be used to tell when the vanity URLexpires. Format YYYYMMDD, for example, abc.expirydate=20000416. Anabc.offerExpired.url is set to the URL where it is redirected to whenvanity URL expires e.gabc.offerExpired.url=http://www.wingspanbank.com/sorry.html

The default urlBase is which ever region the server is running under. Ifthe server is running in QA port 80 the default urlBase will behttp://wwwqa.Internetbank.com/.

Example 13 Customer Messaging

The USM may also provide a generic message screen where informativemessages will be displayed for the customers depending on some errorcondition occurring. For example, messaging conditions may include:

-   -   Invalid Login attempt (*)    -   Disabled account (*)—exceeded 3 maximum failed login attempts    -   Remote Service failure (*)—if login or registration fails due to        “OTHER” reasoning (system, network, or dB failure)    -   Remote Service unknown (*)—if service name is not known to the        USM and there is no valid re-directs available    -   System failure (*)—if there are some system problems that arise.    -   Successful Change Password    -   Invalid Change Password attempt (*)—if the username and old        password do not match what is in Sanchez    -   Disabled Change Password attempt (*)—if the username and old        password had or becomes disabled during Change Password process    -   Unsuccessful Change Password attempt (*)—if there were some        system problems, SQL update problems during the Change Password        process    -   Pending Account Status—if the customer's CIFSERV.STATUS value is        equal to 2.

In the (*) conditions above, the events are logged in the formatrequested by the Data Security server. These logged events may bewritten to logs on an hourly or other basis and there are processessearching these logs to generate reports. This file needs to beaugmented to trigger alerts automatically.

Example 14 Customer Branding/Top Navigation Bar

The User Session Manager may also have the capability to providecustomized top navigation bars depending on how a customer enters theInternet banking service, whether they go directly to host server orwhether they link to the Internet banking service from a partnered site,such as an Internet search engine.

Since the USM repaints the top navigation bar frequently during acustomers' session, a mechanism is included to capture the brand, when acustomer comes in front a partnered site, and retain it for the life ofthe customers host server session. For example, the USM may own theglobal outer frame, and all navigation may be directed through the USM.

Thus, when a customer navigates to the host server, the USM may check tosee if there exists a valid customer session. If not, the USM may createa sessions, store the branding ID in the session and pass the rest ofthe query string parameters along to the designated service. Allservices may need to be notified that more data may be passed to them inthe redirects and they may need to parse the data, or at least thebranding ID along to all page redirects, within their systems as well aswithin the Internet bank system.

The USM may take some of its internal functions and make them intoservices, such as login. For example, the ad URL may be specified by apartner, when the customized top navigation bar is displayed. In oneembodiment, customers of a search engine server can access the InternetBanking host server at least at three places.

An ad generator module may be employed to prevent display of competingads in the top navigation bar to the partnered site or brand.

Example 15 USM OFX Interface

Preferably, an Internet banking customer, such as with an access accountsuch as a Quicken account, or with the vanity servlet, or othermechanism may be able to download all of their account data from asingle button click. One way to accomplish this may include configuringthe access account or vanity.properties file to access the Internetbanking OFX server with an Internet banking username and password. TheInternet banking OFX server would then need to contact the USM to:

1. Perform the customer login to Internet bank service transparently;

2. The list of accounts retrieved from the validation module would haveto have an indicator that flags it as one of the customer's accountsthey want data automatically download;

3. The USM would then need to transparently log into the services thatmaintain the data for these accounts and retrieve the data (this couldbe by contacting an OFX server for each remote service);

4. The USM would then return this data to the Internet bank OFX server

5. The Internet bank OFX server may return the data to the OFX serverand the data downloaded to the customer.

Example 16 Email

A separate server may be hosting the email services for the Internetbanking system. For example, there may be links to email at variouslocations throughout the system so customers can email their questionsor concerns. The required pieces of data for email are first name, lastname, email address and optionally account number. If it is the Internetbanking host server contacting the email service, the account numberwill be their Internet bank account number. For the remote services,such as brokerage, they may need to contact the USM so the customer canget redirected to the email service.

The USM may also retrieve additional data values from a response to thevalidation customerLogin query. If the customer has not logged in, therewill be no values for first name, last name, or email. At this point,the bottom frame may be replaced with the email service. When thecustomer is done their email clicks submit, the email service mayredirect them to the dispatch servlet to direct the customer back to theremote services' main page. Notice that the service name variable forthe service=broker below may be the from Service value in the last partof the email redirects. The email service redirect may be:www.Internetbank.com/sessionManager/dispatch?service-broken.

Additional advantages features and modifications will readily occur tothose skilled in the art. Therefore, the invention is not limited to thespecific details in the representative embodiments shown and describedabove. Accordingly, various modifications may be made without departingfrom the spirit and scope of the general inventive concept as defined bythe appended claims.

What is claimed is: 1-26. (canceled)
 27. A banking system for offering aplurality of financial services to customers via a sign-on process,comprising: a host server; a universal session manager operativelydisposed on the host server, the universal session manager maintainingthe sign-on process; an interface to a plurality of remote servers bywhich a customer interfaces with the remote servers, the interfacegenerated by the universal session manager, the interface havingmultiple Graphical User Interface (GUI) presentations; and a validationmodule operatively linked to the universal session manager through anelectronic network, such that the universal session manager retrievesvalidation information from the validation database in order to validatea customer; the universal session manager, in conjunction with thevalidation module, enabling customers of the banking system to accessthe host server and the plurality of remote servers via a single loginto the host server; the host server providing a consolidated homepage,via the interface, that gives a customer information on accounts of thecustomer with the banking system, and the host server further providinglinks to the accounts in a first GUI presentation of the interface, theaccounts being respectively maintained by the plurality of remoteservers; and upon selection of a link by a customer, the universalsession manager: checks, based on information in the validationdatabase, that the customer is allowed access to the remote server;provides access to a particular remote server, by hosting the remoteserver in an additional GUI presentation of the interface, so as toallow the customer use of services on the remote server; andsimultaneously presents the first GUI presentation, containing the linksto the accounts, while presenting the additional GUI presentation; andthe universal session manager monitoring access to the remote server toobserve an event associated with operation of the universal sessionmanager; and the universal session manager sending a communication tothe remote server based on observing the event associated with operationof the universal session manager.
 28. The banking system of claim 27,the first GUI presentation constituted by a first frame, and the secondGUI presentation constituted by an additional frame.
 29. The bankingsystem of claim 27, the information on accounts of the customer issummary information on accounts of the customer.
 30. The banking systemof claim 27, the event associated with operation of the universalsession manager is constituted by access to the remote server.
 31. Thebanking system of claim 27, the event associated with operation of theuniversal session manager is constituted by customer activity includingcustomer access to the remote server.
 32. The banking system of claim31, wherein the customer activity is constituted by access to the remoteserver through the additional GUI presentation.
 33. The banking systemof claim 32, the universal session manager updating a last accessed time(LAT) variable based on the access to the remote server through theadditional GUI presentation, the LAT variable controlling sessiontimeouts.
 34. The banking system of claim 33, the universal sessionmanager sending the communication to the remote server upon customertimeout.
 35. The banking system of claim 32, the universal sessionmanager sending the communication to the remote server upon customerlogout.
 36. The banking system of claim 27, wherein the validationmodule further includes a database storing information required forregistering a customer in the remote service.
 37. The banking system ofclaim 27, further comprising a trusted service module that serves as anintermediary between the host server and a trusted service provider. 38.The banking system of claim 37, wherein the trusted service providercomprises a remote server with special access requirements.
 39. Thebanking system of claim 27, wherein the remote server is a remoteservice provider that further comprises a registration module and alogin module.
 40. The banking system of claim 39, wherein the loginmodule receives the data for gaining access to the services provided bythe remote service provider.
 41. The banking system of claim 39, whereinthe registration module receives the data for registering a customer inthe remote service provider.
 42. A method for accessing a plurality offinancial services offered by a banking system comprising a host serverand a plurality of remote servers operatively linked across anelectronic network, the method comprising: receiving login information,for accessing the host server, from a customer; the host serverproviding a consolidated homepage providing (1) an overview of availableservices that can be accessed a single login on to the banking system,and (2) links to the available services, the consolidated homepageincluding a first Graphical User Interface (GUI) presentation and anadditional GUI presentation; retrieving data for accessing at least oneremote server based at least in part on the received login information;transmitting said data to the at least one remote server; authenticatingthat access by the customer to the at least one remote server isallowed; and transparently connecting the customer to the remote serversuch that the customer is provided access to the remote server, byhosting the remote server in the additional GUI presentation of theinterface, so as to allow the customer use of services on the remoteserver, the method including simultaneously presenting the first GUIpresentation, containing the links to the accounts, while presenting theadditional GUI presentation; monitoring access to the remote server toobserve an event associated with operation of the universal sessionmanager; and sending a communication to the remote server based onobserving the event associated with operation of the universal sessionmanager.
 43. The banking system of claim 42, the event associated withoperation of the universal session manager is constituted by access tothe remote server.
 44. The banking system of claim 42, the eventassociated with operation of the universal session manager isconstituted by customer activity including customer access to the remoteserver.
 45. The method of claim 44, the monitoring access to the remoteserver to observe customer activity including: updating, by a universalsession manager associated with the host server, a last accessed time(LAT) variable based on access to the at least one remote server throughthe additional GUI presentation, the LAT variable controlling sessiontimeouts of the consolidated homepage.
 46. The method of claim 45, thesending a communication to the remote server based on observing thecustomer activity including: sending, by the universal session manager,a communication to the at least one remote server upon either customerlogout or timeout, such constituted by a communication from theuniversal session manager to the at least one remote server withoutdirecting the customer to the at least one remote server.
 47. The methodof claim 45, the sending a communication to the remote server based onobserving the customer activity including: sending, by the universalsession manager, a communication to the at least one remote server uponcustomer timeout, such constituted by a communication from the universalsession manager to the at least one remote server without directing thecustomer to the at least one remote server.
 48. The method of claim 42,further comprising: determining customer data and customer preferences;and dynamically generating a customized homepage based on said customerdata and customer preferences.
 49. The method of claim 42, furthercomprising dynamically determining what offers to target to customers.50. The method of claim 42, the first GUI presentation is maintained bythe host server, and the additional GUI presentation is maintained by aremote server providing services; and wherein the transmitting said datato the at least one remote server includes the host server directlysending login information to the at least one remote server, the logininformation including a customer username and password.
 51. The methodof claim 42, further comprising the steps of: authenticating theidentity of a customer; and transparently login the customer to all theservices for which the customer has signed up, wherein said consolidatedhomepage includes: a tab for accessing banking products and services acustomer may be entitled to have but does not currently have; and aplanning tab for providing financial planning assistance; and the methodfurther comprising: determining customer data, and customer preferences;and dynamically generating a customized homepage based on said customerdata and customer preferences; and the first GUI presentation ismaintained by the host server, and the additional GUI presentation ismaintained by a remote server providing services.